CVE-2016-10735

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-10735

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10735.json

Aliases

GHSA-4p24-vmcr-4gqj

Related

ALSA-2020:4670
RLSA-2020:4670
RLSA-2020:4847

Published

2019-01-09T05:29:00Z

Modified

2023-11-29T05:11:13.250789Z

Details

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

References

https://access.redhat.com/errata/RHBA-2019:1076
https://access.redhat.com/errata/RHBA-2019:1570
https://access.redhat.com/errata/RHSA-2019:1456
https://access.redhat.com/errata/RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2020:0132
https://access.redhat.com/errata/RHSA-2020:0133
https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
https://github.com/twbs/bootstrap/issues/20184
https://github.com/twbs/bootstrap/pull/23687
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
https://github.com/twbs/bootstrap/pull/23679
https://github.com/twbs/bootstrap/pull/26460
https://www.tenable.com/security/tns-2021-14

Affected packages

Git / github.com/twbs/bootstrap

Affected ranges

Type: GIT
Repo: https://github.com/twbs/bootstrap
Events: Introduced

e8a1df5f060bf7e6631554648e0abde150aedbe4

Fixed

4c547f2175b9a05aa43551f6927da83fe249ce42

Affected versions

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v3.1.1

v3.2.0

v3.3.0

v3.3.1

v3.3.2

v3.3.4

v3.3.5

v3.3.6

v3.3.7